Friday, August 24, 2007

Daily Highlights

ComputerWorld reports California Public Employees' Retirement System officials are sending letters of apology to about 445,000 state retirees after inadvertently printing their Social Security numbers on brochures announcing an upcoming election at the state pension fund. (See item 13)
The New York Times reports the five levees that protect the metropolitan area of East St. Louis, Illinois, from the Mississippi River do not meet the Federal Emergency Management Agency’s standards for flood protection and will be removed from maps that record flood vulnerability. (See item 38)

Information Technology and Telecommunications Sector

34. August 22, eWeek — Trend Micro fixes security flaws. Trend Micro has patched several vulnerabilities in its ServerProtect, Anti-Spyware and PC-cillin products that could be exploited remotely to allow hackers to execute arbitrary code. Several vulnerabilities affected ServerProtect, which provides anti-virus protection for Microsoft Windows and Novell NetWare servers. According to researchers at iDefense Labs, in Sterling, VA, an integer overflow exists within the RPCFN_SYNC_TASK function, which allocates memory based on a user-supplied integer within the request data. A number of boundary errors can be used to trigger heap- and/or stack-based buffer overflows. All of the vulnerabilities affect ServerProtect for Windows 5.58 Build 1176 (Security Patch 3), iDefense officials said, adding that previous versions and versions for other platforms are suspected to be vulnerable as well. The company has released Security Patch 4 to plug the security gaps. In addition, Trend Micro recently fixed flaws affecting version 3.5 of its Anti-Spyware offering, as well as PC-cillin Internet Security 2007.
Trend Micro Patches:
Trend Micro Hotfix:−1035845

35. August 22, IDG News Service — IBM buys Web conferencing vendor WebDialogs. IBM has acquired a Web conferencing service provider, it announced as part of a flurry of unified communications moves on Wednesday, August 22. IBM will make WebDialogs part of its Lotus division and add its service to the Sametime family of products, giving customers a software-as-a-service option for Web conferencing, the company said. Cisco and Microsoft are moving aggressively into unified communications, which combines all forms of interactive voice and data communications with presence technology that tells the world how a person can be reached in real time. IBM has taken a different approach, not building its own phone-switch replacement or a full range of communications tools, but ensuring compatibility with third-party products.

36. August 22, Reuters — Telecom offers reward for leads on copper theft. U.S. rural telecommunications carrier Embarq is offering a $5,000 reward for information leading to the arrest of anyone stealing its copper cables in Las Vegas amid a global crime spree targeting increasingly valuable metals. Embarq said on Wednesday, August 22, that copper cable theft has become a growing problem, particularly in Las Vegas, its largest market, where thieves have snipped away part of its aerial lines. The company, a spin-off from Sprint Nextel, has already spent $400,000 so far this year to repair severed cable lines in Las Vegas. More than 60 people have been arrested in Las Vegas so far this year for stealing copper. Officials believe the stolen metal is sold as scrap to recycling centers. The price of copper has more than doubled over the past two years as rapid industrialization in China and other emerging economies spurred demand and triggered similar crimes around the world.

37. August 22, ComputerWorld — Storm Trojan horse may turn to hyping Hurricane Dean. The 8-month-old Storm Trojan horse may soon come full circle and take up touting Hurricane Dean, the Category 5 storm that slammed into Mexico Tuesday, August 21, security researchers said. Storm, also known as Peacomm, started life in January as malware attached to messages composed of fake news accounts of a massive series of wind storms that struck Europe. One of the first Storm-bearing messages dangled the subject head "230 dead as storm batters Europe" to tempt users into launching the file. Recipients who clicked on the attached executable were infected by the Trojan horse, which turned their systems into spam-spewing zombies. Symantec Corp. researchers are betting that the malware's makers will try the same trick with Hurricane Dean.